Efficient support for confidentiality-preserving publish/subscribe systems
Publish/subscribe (pub/sub) is an attractive communication paradigm that offers efficient and decoupled information dissemination in distributed environments. Publishers generate the flow of information as publications, which are routed to subscribers based on their interests expressed as subscriptions. In the most common functional model, an infrastructure of brokers store the subscriptions, match incoming publications against stored subscriptions, and dispatch matching publications to the corresponding subscribers. <br> Early research on pub/sub mostly focused on improving performance, e.g., by maximizing the scalability of the pub/sub infrastructure and by minimizing dissemination latencies. The increase in popularity of pub/sub systems and externalized computing infrastructure lead to serious concerns about confidentiality preservation. Several techniques and mechanisms have been proposed to ensure confidentiality in pub/sub. However, these mechanisms come with performance costs. They also set new requirements that impede with the classical functional model of pub/sub systems. In this thesis, we present novel and innovative solutions to address these two aspects and make confidentiality-preserving pub/sub more practical and efficient. <br> Our first contribution is an overview of confidentiality-oriented research for pub/sub. We identify classes of solutions and highlight existing and future research directions. We observe the most important challenge for confidentiality-preserving pub/sub, which is to hide the content of publications and subscriptions from untrusted brokers, while allowing matching operations. Among the security models and solutions we identify in the existing work, encrypted matching schemes emerge as the most flexible solution. <br> Encrypted matching mechanisms allow untrusted brokers to match encrypted subscriptions against encrypted publications. However, these mechanisms have major performance overheads compared to non-encrypted matching. They may also prevent from using optimization techniques based on subscription containment. We propose a support mechanism that reduces the cost of encrypted matching, in the form of a prefiltering operator. This reduces the amount of encrypted subscriptions that must be matched against incoming encrypted publications. It leverages subscription containment information, but also ensures that containment confidentiality is preserved otherwise. We propose containment obfuscation techniques and provide a rigorous mathematical analysis to determine the amount of leaked information. We show that while there is a tradeoff between prefiltering efficiency and information leakage, it is practically possible to obtain good prefiltering performance in secure conditions. <br> Encrypted matching solutions require also appropriate key management support. Due to the use of encrypted subscriptions stored in untrusted domains, a key update may require all subscribers to re-encrypt and resubmit their subscriptions before publishers may use the new key. This is a costly and long operation. We introduce DynamiK, a lightweight key management architecture that takes into account the decoupled nature of pub/sub and allows updating encrypted subscriptions directly at the brokers. We present a security analysis and implementation of DynamiK for the ASPE encryption scheme, observing a minimal effect on the pub/sub service performance. We also extend the functionality and enhance the security of the original ASPE encrypted matching scheme, which we use for encrypted matching throughout our work. <br> Finally, we provide an overview of the current challenges implied by confidentiality preservation in content based pub/sub and discuss future research avenues.
Keywords: publish/subscribe, confidentiality, key management, encrypted processing Thèse de doctorat : Université de Neuchâtel, 2014
Type de publication
Resource Types::text::thesis::doctoral thesis
Dossier(s) à télécharger